论文信息 - A Self-learning Anomaly-Based Web Application Firewall

A Self-learning Anomaly-Based Web Application Firewall

A simple and effective web application firewall is presented. This system follows the anomalous approach, therefore it can detect both known and unknown web attacks. The system decides whether the incoming requests are attacks or not aided by an XML file. The XML file contains the normal behavior of the target web application statistically characterized and is built from a set of normal requests artificially generated. Any request which deviates from the normal behavior is considered anomalous. The system has been applied to protect a real web application. An increasing number of training requests have been used to train the system. Experiments show that when the XML file has enough data to closely characterize the normal behaviour of the target web application, a very high detection rate is reached while the false alarm rate ramains very low.

[1] Jung-Min Park,et al. An overview of anomaly detection techniques: Existing solutions and latest technological trends , 2007, Comput. Networks.

[2] Juan M. Est,et al. Measuring normality in HTTP traffic for anomaly-based intrusion detection , 2004 .

[3] Juan E. Tapiador,et al. Measuring normality in HTTP traffic for anomaly-based intrusion detection , 2004, Comput. Networks.

[4] Christopher Krügel,et al. A multi-model approach to the detection of web-based attacks , 2005, Comput. Networks.

[5] Ron Kohavi,et al. The Case against Accuracy Estimation for Comparing Induction Algorithms , 1998, ICML.

[6] Gonzalo Álvarez,et al. A new taxonomy of Web attacks suitable for efficient encoding , 2003, Comput. Secur..

[7] Chien-Lung Hsu,et al. Cryptanalyses and improvements of two cryptographic key assignment schemes for dynamic access control in a user hierarchy , 2003, Comput. Secur..